package cn.lger.icollege.config;

import cn.lger.icollege.security.AdminUserDetailsService;
import cn.lger.icollege.security.StudentUserDetailsService;
import cn.lger.icollege.security.TeacherUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

/**
 * Code that Changed the World
 * Pro said
 * Created by Pro on 2018-04-05.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) //开启方法上的认证
public class SecurityConfig {

//    @Resource
//    private BCryptPasswordEncoder encoder;

    @Bean
    public PasswordEncoder passwordEncoder(){
//        return new PasswordEncoder() {
//            @Override
//            public String encode(CharSequence charSequence) {
//                return charSequence.toString();
//            }
//
//            @Override
//            public boolean matches(CharSequence charSequence, String s) {
//                return charSequence.toString().equals(s);
//            }
//        };
        return new BCryptPasswordEncoder();
    }


//    @Autowired
//    public void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth
//                .inMemoryAuthentication().passwordEncoder(new PasswordEncoder() {
//                    @Override
//                    public String encode(CharSequence charSequence) {
//                        return charSequence.toString();
//                    }
//
//                    @Override
//                    public boolean matches(CharSequence charSequence, String s) {
//                        return charSequence.toString().equals(s);
//                    }
//                })
//                .withUser("test")
//                .password("test")
//                .authorities("TEACHER", "STUDENT", "ADMIN");
//    }



    @Configuration
    @Order(1)
    public static class AdminWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Resource
        private AdminUserDetailsService detailsService;

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/css/**", "/img/**", "/vendors/**", "/js/**", "/icon/**"); //不过滤静态资源
            super.configure(web);
        }

//        @Override
//        protected void configure(HttpSecurity http) throws Exception {
//            http.csrf().disable().authorizeRequests().anyRequest().permitAll();
//        }


        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/admin/**").userDetailsService(detailsService)
                    .authorizeRequests() //获取请求方面的验证器
                        .anyRequest().hasAnyAuthority("ADMIN")
                        .and()
                    .formLogin() //获取登录认证验证器
                        .loginPage("/admin/login") //注册自定义的登录页面URL
                        .loginProcessingUrl("/admin/login")
                        .failureForwardUrl("/admin/login") //登录失败后以登录时的请求转发到该链接
                        .permitAll() //登录请求给予通过认证
                        .and()
                    .logout() //推出登录
                        .logoutUrl("/admin/logout")
                        .logoutSuccessUrl("/admin/login") //退出后访问URL
                        .and()
                    .csrf().disable(); //关闭csrf，默认开启
        }
    }

    @Configuration
    @Order(2)
    public static class TeacherWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Resource
        private TeacherUserDetailsService detailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/teacher/**").userDetailsService(detailsService)
                    .authorizeRequests() //获取请求方面的验证器
                        //访问需要角色权限
                        .anyRequest().hasAnyAuthority("TEACHER")
                        .and()
                    .formLogin() //获取登录认证验证器
                        .loginPage("/teacher/login") //注册自定义的登录页面URL
                        .loginProcessingUrl("/teacher/login")
                        .failureForwardUrl("/teacher/login") //登录失败后以登录时的请求转发到该链接
                        .permitAll() //登录请求给予通过认证
                        .and()
                    .logout() //推出登录
                        .logoutUrl("/teacher/logout")
                        .logoutSuccessUrl("/teacher/login") //退出后访问URL
                    .permitAll()
                        .and()
                    .csrf().disable(); //关闭csrf，默认开启
        }
    }

    @Configuration
    @Order
    public static class StudentWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Resource
        private StudentUserDetailsService detailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/stu/**").userDetailsService(detailsService)
                    .authorizeRequests() //获取请求方面的验证器
                        //访问需要角色权限
                        .anyRequest().hasAnyAuthority("STUDENT")
                        .and()
                    .formLogin() //获取登录认证验证器
                        .loginPage("/stu/login") //注册自定义的登录页面URL
                        .loginProcessingUrl("/stu/login")
                        .failureForwardUrl("/stu/login") //登录失败后以登录时的请求转发到该链接
                        .permitAll() //登录请求给予通过认证
                        .and()
                    .logout() //推出登录
                        .logoutUrl("/stu/logout")
                        .logoutSuccessUrl("/stu/login") //退出后访问URL
                        .permitAll()
                        .and()
                    .csrf().disable(); //关闭csrf，默认开启
        }

    }

}
